Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested

Security needs spawn services

Managed detection services growing in popularity.

Today's breaking news
Send to a friendFeedback

Companies installing intrusion-detection software to protect their networks are faced with this practical question: Do we have the skills and time to keep the round-the-clock vigils the software requires?

The alternative is going to an outside firm that offers a managed security service that can identify denial-of-service attacks or other threats. This week, Internet Security Systems (ISS), which specializes in scanning software, and start-up Counterpane Internet Security, will each begin offering its own style of managed intrusion-detection services, boosting choice in an underserved area of security.

Although companies such as UUNET, AT&T and Exodus offer managed firewall services, only a few providers, including Pilot Network Services, have ventured to take on what is arguably the bigger challenge. And that's monitoring the customer's internal servers and network traffic, where some type of intrusion-detection sensors must be deployed to determine if systems are under attack.

Unlike the new offerings from ISS and Counterpane, the Pilot Network Services model requires firms to house equipment at a Pilot data center and connect to it by a private line.

"We're doing a security monitoring service by putting a probe on the customer's network to accept audit data from a wide range of devices," says Bruce Schneier, Counterpane's chief technology officer. Schneier, a leading cryptographer, started the company with $7 million in venture-capital funding from Bessemer Ventures and other firms.

Counterpane's Linux-based "black box" sensor captures syslog and audit outputs from Windows NT, Solaris and Linux servers; routers; security gear such as Check Point Software and Cisco Pix firewalls; plus ISS and Tripwire intrusion-detection software.

The Counterpane box regularly transmits the network activity output in encrypted form to Counterpane's data centers in Mountain View, Calif., or Chantilly, Va., where it is monitored around the clock.

"Embedded in this data are the footprints of attacks, and our analysts are trained to understand them," Schneier says, adding Counterpane staffers advise corporations on how to combat threats but do not make changes to the corporation's equipment.

Santa Clara service provider Conxion, which specializes in hosting business-to-business applications for customers including Visa International, has started using the Counterpane service.

"All our critical infrastructure devices report to the Counterpane device," says Conxion security director Mark Kadrich. "We have more than 20 firewalls, we use all the ISS intrusion-detection software, and it's hard to find qualified people to analyze this mind-numbing output."

Although some may argue that outsourcing network security management is an unacceptable risk, Kadrich - who requires everyone on his staff to earn the coveted CISSP security certification - argues otherwise. "Security needs to be results-based, and those unwilling to outsource don't really understand the problem," he says.

Counterpane says its service costs about $12,000 per month.

ISS, which holds about 60% of the market for intrusion-detection software according to market research firm IDC, has also recognized the pent-up demand for outsourcing help.

"We have 5,500 customers today, mostly larger firms, but there are literally millions of businesses drawn to the Internet for business-to-consumer or business-to-business e-commerce," says ISS CEO Thomas Noonan. "For many of them, security is important but misunderstood, and many have small IT departments."

ISS, which offers six products for network and application scanning and vulnerability assessment, has now developed a Managed Security Services platform. The offering, based on technology obtained through the acquisition of a company called Netrex, will enable ISPs and telecommunications firms to provide outsourced security monitoring. Customers will have to deploy the ISS SafeSuite intrusion-detection sensor on their sites to get the security monitoring service.

Under the plan, ISS will supply security experts to work in operation centers at ISPs and telecom firms. These experts will monitor corporate routers, provide Web-content filtering, and watch Check Point and WatchGuard firewalls, as well as the ISS intrusion-detection software.

According to Noonan, Ameritech, AT&T, Embratel, US West, BellSouth, NTT, Savvis and other service providers around the world have signed agreements to use the ISS Managed Security Services platform. Corporate customers for this so-called ePatrol Service will be given remote access to the same security view of their networks as the ISPs and telecom firms will have, Noonan says.

Some companies are already sold on managed security services.

ContiGroup Companies, formerly Continental Grain, has used the Pilot managed service for intrusion detection for about a year, installing the corporate firewall at Pilot.

"We didn't have the staff with the expertise for this, and the relationship with Pilot has worked well to fight viruses and hacking attempts," says Bill Clark, Internet service manager.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.